R0 CREW

CAPA detects capabilities in executable files

image

CAPA detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.

Check out:

Github: https://github.com/fireeye/capa

1 Like